Sometimes hackers have an advantage on the network ‘playing field’ but that edge may soon be tipped toward those protecting enterprise network systems.
Shanchieh Yang, a faculty-researcher at Rochester Institute of Technology, was recently awarded grant funding from the National Science Foundation and National Security Agency for two cyber security projects. They are intended to get ahead of attackers by understanding early warnings to prevent high-impact actions from happening, and by extracting important characteristics of these warnings and transforming them into a preemptive, tactical system.
Yang, professor of computer engineering in RIT’s Kate Gleason College of Engineering, received $666,960 from the National Science Foundation for “Synthesizing novel attack strategy for predictive cyber situational awareness.” He also was awarded $173,500 from the National Security Agency for “Modeling and simulation of adversary behavior and moving target defense.” Both projects began this fall.
In the NSF project, Yang and co-researchers are developing ASSERT—Attack Strategy Synthesis and Ensemble Predictions of Threats—to characterize attack patterns and combinations of exploit behaviors that attackers use. The team will investigate and develop an algorithmic framework to recognize attack strategies in their early stage to enable the prediction of critical threats to enterprise networks before they happen. This would be the key element of the ASSERT system—to enhance predictive cyber situational awareness for security analysts.
The algorithm will generate “attack models” that differentiate one attack strategy from another that can then be extrapolated to reveal additional attack scenarios that may or may not be known before, Yang explained. He compared the process to a tunable knob, where key characteristics of attack strategies would be ‘tuned’ to synthesize and simulate plausible attack scenarios and end results to help analysts obtain better situational awareness.